Protocol filter capabilities
Chuck Swiger
cswiger at mac.com
Sun Nov 27 03:16:16 GMT 2005
Alexandre DELAY wrote:
> I am looking for an efficient way to filter different protocols, such as
> edonkey or BEEP. For the moment, I think that ipfw doesn't support it.
Sure it does. Start with "deny all" [1] and then add the minimum required open
ports, preferably only for a proxy server that the clients are required to use
for all outside access. Specificly, look at and combine the closed and simple
firewall types in /etc/rc.firewall.
You might also try to use bandwidth shaping to prioritize P2P behind more
useful traffic like VOIP.
> Don't you think that it would be a nice thing to be able to include such
> "filters" from, for example, ethereal?
> Ethereal supports more than 34k different protocols. It would be nice to be
> able to choose from those filters and to apply some rules according to those
> filters.
You're talking about a reactive IDS. You can rig them up using scripts which
monitor logfiles, or something like /usr/ports/security/snort.
However, I prefer to use IDS for traffic I permit but want to monitor, not
traffic I already know I want to block.
--
-Chuck
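The default-deny, proxy-only layout Chuck describes, written out as an added example (this is not code from the thread or from /etc/rc.firewall; the interface names, the inside network, the proxy address and the proxy port are constructed values, and the rule numbers are arbitrary). The script generates the ruleset as text so it can be reviewed before it is fed to ipfw, and the final catch-all is a logging deny so the block rules double as a cheap record of what clients tried to reach directly.

```shell
#!/bin/sh
# Added example: a default-deny ipfw ruleset in the spirit of the "closed" and
# "simple" types in /etc/rc.firewall, with a mandatory proxy as the only path out.
#
# Assumed (constructed) values, overridable through the positional arguments:
#   $1 outside interface, $2 inside interface, $3 inside network, $4 proxy host.
# The proxy is assumed to listen on TCP 3128 and to resolve DNS for the clients.
gen_rules() {
    oif=${1:-em0}
    iif=${2:-em1}
    inet=${3:-192.168.1.0/24}
    proxy=${4:-192.168.1.10}

    cat <<EOF
flush
# loopback is fine; loopback addresses on real interfaces are not
add 100 allow ip from any to any via lo0
add 200 deny ip from any to 127.0.0.0/8
add 300 deny ip from 127.0.0.0/8 to any
# anti-spoofing: inside addresses never arrive on the outside interface
add 400 deny ip from $inet to any in via $oif
# let replies for flows we opened below pass
add 500 check-state
# clients may talk only to the proxy: web proxy port and DNS
add 600 allow tcp from $inet to $proxy 3128,53 in via $iif setup keep-state
add 610 allow udp from $inet to $proxy 53 in via $iif keep-state
# only the proxy itself may open connections to the outside
add 700 allow tcp from $proxy to any 80,443 out via $oif setup keep-state
add 710 allow udp from $proxy to any 53 out via $oif keep-state
# everything else (eDonkey, BEEP, direct web, ...) is refused and logged
add 65000 deny log ip from any to any
EOF
}

# apply_rules preview [args...]  prints the ruleset
# apply_rules load    [args...]  loads it with ipfw (-q implies -f, so the
#                                flush does not ask for confirmation)
apply_rules() {
    mode=$1
    shift
    if [ "$mode" = preview ]; then
        gen_rules "$@"
    else
        gen_rules "$@" | while read -r line; do
            case $line in ''|\#*) continue ;; esac
            /sbin/ipfw -q $line
        done
    fi
}

# Example invocation: review the rules before loading them.
apply_rules preview
```

Run it with `preview` first and read the output; the order matters, because ipfw stops at the first matching rule, so the `check-state` line has to come before the `deny` and the proxy's own outbound rules have to be narrower than the clients' rule. Any client that tries a protocol that is not covered shows up in the `deny log` entries in the system log, which is the traffic you might then look at more closely with a sniffer or an IDS.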